This flaw (called Redirect to SMB) has been in Windows since 1997 and is still present in the latest OS from Microsoft. It is just another of those things that has lingered in the Windows world because no one has complained loudly enough about it. Now that there are reports that the Sony hack was pulled off using this flaw, Microsoft is stepping up and working on a patch. There is a pretty simple workaround until that is ready: you can block TCP ports 139 and 445 on your firewall (if it supports that). Both are used by SMB, so blocking them at the edge of your network (where it connects to the internet) will prevent someone from using this to gain access from outside. You will still be able to use SMB internally if you need or want to.
But wait, there is more. Although this flaw seems to be most commonly found in Windows, it has also been reported in Apple’s updater for QuickTime and iTunes, the Box Sync client app for Box, TeamViewer and… a few anti-virus software applications. Norton Security Scan from Symantec, AVG Free, BitDefender Free and Comodo Antivirus all have the same flaw in them and are vulnerable to this. Having your malware protection open to something like this is not what you want to hear. More utilities, applications and even installers are affected, which makes this a very serious issue at this stage.
We are working on testing a few other applications to see if this exists outside the Windows world and will follow up when we know more. For now, we highly recommend you block SMB (TCP ports 139 and 445) at your firewall to prevent that innocent-looking logon box from being what brings your network down. After all, how many people do you know who would type in their user names and passwords if Microsoft presented the little SMB logon box when they clicked on something? Personally, I know a lot, and that is a very frightening thing.
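
One way to confirm that the edge block recommended above is really in effect while internal SMB keeps working, as an added example that is not part of the original article: a Python audit over firewall connection logs. The log format, the sample lines and the RFC 1918 internal ranges are constructed assumptions.

```python
import ipaddress
import re

# Assumption: the internal network uses RFC 1918 space; adjust for your site.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SMB_PORTS = {139, 445}  # the two TCP ports the article says to block

# Constructed log format: "<time> <ALLOW|DENY> TCP <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

# Constructed sample data (documentation address ranges stand in for the internet).
SAMPLE_LOG = """\
2015-04-14T10:02:11Z ALLOW TCP 10.0.4.23:49812 -> 10.0.1.5:445
2015-04-14T10:02:15Z ALLOW TCP 10.0.4.23:49813 -> 203.0.113.50:445
2015-04-14T10:03:02Z DENY TCP 10.0.7.9:50110 -> 198.51.100.7:139
2015-04-14T10:03:40Z ALLOW TCP 10.0.4.23:49820 -> 203.0.113.50:443
2015-04-14T10:04:05Z DENY TCP 198.51.100.7:40022 -> 10.0.1.5:445
garbled line that should be skipped
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def audit_smb_edge(log_text):
    """Return (leaks, blocked): SMB flows that cross the network edge, by firewall action."""
    leaks, blocked = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) not in SMB_PORTS:
            continue
        try:
            crosses_edge = is_internal(m["src"]) != is_internal(m["dst"])
        except ValueError:
            continue  # malformed address, not a usable record
        if not crosses_edge:
            continue  # internal-to-internal SMB is expected to stay allowed
        record = (m["ts"], m["src"], m["dst"], int(m["dport"]))
        (leaks if m["action"] == "ALLOW" else blocked).append(record)
    return leaks, blocked

if __name__ == "__main__":
    leaks, blocked = audit_smb_edge(SAMPLE_LOG)
    for ts, src, dst, port in leaks:
        print(f"LEAK  {ts} {src} -> {dst}:{port} (edge rule missing or bypassed)")
    print(f"{len(blocked)} SMB flow(s) blocked at the edge")
```

Any record in `leaks` means SMB traffic on TCP 139 or 445 was allowed across the edge, so the firewall rule is missing or being bypassed on that path.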